KR102423126B1 - Electronic device and control method thereof - Google Patents

Abstract

An electronic device is disclosed. When wireless communication between the sensor, the communication unit, and the relay device and the terminal device is sensed by the sensor, the electronic device identifies whether each of the relay device and the terminal device is an authorized device, and at least one of the relay device or the terminal device is not authorized and a processor for controlling the communication unit so as to transmit a beacon signal including communication channel movement information to the terminal device when it is identified as being a connected device.

Description

Electronic device and control method thereof

The present disclosure relates to an electronic device for blocking a communication connection between a terminal device and a relay device through a wireless intrusion prevention system, and a control method thereof.

With the rapid development and dissemination of the Internet, the network environment is becoming more complex. However, the Internet is exposed to the risk of hacking due to various types of network attacks such as hacking on the Internet, system intrusion, system administrator privilege acquisition, intrusion concealment, denial of service attack, etc. Therefore, in order to solve these Internet security problems, the need for network security technologies such as antivirus, firewall, integrated security management, and intrusion detection system is emerging.

A wireless LAN system for wireless Internet communication includes an access point (AP) and a terminal device. Since a generally used access point provides only a transmission and network support function for wireless traffic, it cannot filter out hacking information that is invaded wirelessly. To solve this problem, a Wireless Intrusion Prevention System (WIPS) is being developed.

The present disclosure is in accordance with the above-mentioned necessity, and an object of the present disclosure is to provide a WIPS-based electronic device for blocking a communication connection between an access point and a terminal device when at least one of an access point or a terminal device is an unauthorized device, and It is to provide a control method.

In an electronic device according to an embodiment of the present disclosure for achieving the above object, when wireless communication between a sensor, a communication unit, and a relay device and a terminal device is sensed by the sensor, each of the relay device and the terminal device is applied A processor for controlling the communication unit to identify whether the device is a device, and to transmit a beacon signal including communication channel movement information to the terminal device when at least one of the relay device or the terminal device is identified as an unauthorized device may include

The processor may generate the beacon signal by including the identification information of the relay device as source information.

The processor may include the identification information of the relay device as the source information and the identification information of the terminal device as the destination information to generate the beacon signal.

Here, the communication channel movement information may include channel information including control information for controlling channel movement and target channel information.

Here, the control information may include information indicating movement of the communication channel, and the target channel information may include target channel information for movement of the communication channel.

The processor, when the first identification information of the first communication channel on which the wireless communication is performed between the relay device and the terminal device is obtained by the sensor, the second identification information of the second communication channel different from the first communication channel may be included in the target channel information to generate the beacon signal.

Here, the second communication channel may be a channel belonging to a band different from a band to which the first communication channel belongs.

Meanwhile, as the terminal device accesses the second communication channel based on the second identification information, communication between the relay device and the terminal device through the first communication channel may be blocked.

Wireless communication between the relay device and the terminal device may be performed according to the IEEE 802.11w standard.

The electronic device may be implemented as a wireless intrusion prevention system (WIPS) device.

A method of controlling an electronic device according to an embodiment of the present disclosure includes the steps of, when wireless communication between a relay device and a terminal device is sensed, identifying whether each of the relay device and the terminal device is an authorized device, and the relay device or When at least one of the terminal devices is identified as an unauthorized device, the method may include transmitting a beacon signal including communication channel movement information to the terminal device.

The control method may further include generating the beacon signal by including identification information of the relay device as source information.

The generating of the beacon signal may include generating the beacon signal by including the identification information of the relay device as the source information and the identification information of the terminal device as the destination information.

Here, the communication channel movement information may include channel information including control information for controlling channel movement and target channel information.

Here, the control information may include information indicating movement of the communication channel, and the target channel information may include target channel information for movement of the communication channel.

The control method may include, when first identification information of a first communication channel on which wireless communication is performed between the relay device and the terminal device is obtained by the sensor, a second identification of a second communication channel different from the first communication channel The method may further include generating the beacon signal by including information in the target channel information.

Here, the second communication channel may be a channel belonging to a band different from a band to which the first communication channel belongs.

Meanwhile, as the terminal device accesses the second communication channel based on the second identification information, communication between the relay device and the terminal device through the first communication channel may be blocked.

Here, the wireless communication between the relay device and the terminal device may be performed according to the IEEE 802.11w standard.

The electronic device may be implemented as a wireless intrusion prevention system (WIPS) device.

In a non-transitory computer-readable medium storing computer instructions that cause the electronic device to perform an operation when executed by a processor of an electronic device according to an embodiment of the present disclosure, the operation is performed between a relay device and a terminal device When wireless communication is sensed, identifying whether each of the relay device and the terminal device is an authorized device, and when at least one of the relay device or the terminal device is identified as an unauthorized device, communication channel movement information The method may include transmitting a beacon signal including a beacon signal to the terminal device.

As described above, according to various embodiments of the present disclosure, it is possible to block a communication connection between the relay device and the terminal device even in a network environment to which the IEEE 802.11w standard is applied.

In addition, since the communication connection between the relay device and the terminal device is blocked using the beacon signal, the load of the electronic device is reduced.

1 is a diagram illustrating an electronic system according to an embodiment of the present disclosure.
2 is a block diagram illustrating an operation of an electronic device according to an embodiment of the present disclosure.
3 is a block diagram illustrating a detailed configuration of the electronic device 100 .
4 is a diagram for explaining a configuration of a broadcast beacon frame according to an embodiment of the present disclosure.
5 is a diagram for describing a configuration of a unicast beacon frame according to an embodiment of the present disclosure.
6 is a flowchart illustrating a method of controlling an electronic device according to an embodiment of the present disclosure.

Hereinafter, the present disclosure will be described in detail with reference to the accompanying drawings.

Terms used in this specification will be briefly described, and the present disclosure will be described in detail.

The terms used in the embodiments of the present disclosure are selected as currently widely used general terms as possible while considering the functions in the present disclosure, which may vary depending on the intention or precedent of a person skilled in the art, the emergence of new technology, etc. . In addition, in specific cases, there are also terms arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description of the corresponding disclosure. Therefore, the terms used in the present disclosure should be defined based on the meaning of the term and the contents of the present disclosure, rather than the simple name of the term.

Embodiments of the present disclosure may apply various transformations and may have various embodiments, and specific embodiments will be illustrated in the drawings and described in detail in the detailed description. However, this is not intended to limit the scope of the specific embodiments, and it should be understood to include all transformations, equivalents and substitutions included in the spirit and scope of the disclosure. In describing the embodiments, if it is determined that a detailed description of a related known technology may obscure the subject matter, the detailed description thereof will be omitted.

The singular expression includes the plural expression unless the context clearly dictates otherwise. In the present application, terms such as "comprises" or "consisting of" are intended to designate that the features, numbers, steps, operations, components, parts, or combinations thereof described in the specification exist, but one or more other It is to be understood that this does not preclude the possibility of addition or presence of features or numbers, steps, operations, components, parts, or combinations thereof.

The expression "at least one of A and/or B" is to be understood as indicating either "A" or "B" or "A and B".

As used herein, expressions such as "first," "second," "first," or "second," can modify various elements, regardless of order and/or importance, and refer to one element. It is used only to distinguish it from other components, and does not limit the components.

A component (eg, a first component) is "coupled with/to (operatively or communicatively)" to another component (eg, a second component) When referring to "connected to", it should be understood that a component may be directly connected to another component or may be connected through another component (eg, a third component).

In the present disclosure, a "module" or "unit" performs at least one function or operation, and may be implemented as hardware or software, or a combination of hardware and software. In addition, a plurality of “modules” or a plurality of “units” are integrated into at least one module and implemented with at least one processor (not shown) except for “modules” or “units” that need to be implemented with specific hardware. can be In this specification, the term user may refer to a person who uses an electronic device or a device (eg, an artificial intelligence electronic device) using the electronic device.

Hereinafter, with reference to the accompanying drawings, embodiments of the present disclosure will be described in detail so that those of ordinary skill in the art to which the present disclosure pertains can easily implement them. However, the present disclosure may be implemented in several different forms and is not limited to the embodiments described herein. And in order to clearly explain the present disclosure in the drawings, parts irrelevant to the description are omitted, and similar reference numerals are attached to similar parts throughout the specification.

Hereinafter, an embodiment of the present disclosure will be described in more detail with reference to the accompanying drawings.

1 is a diagram illustrating an electronic system according to an embodiment of the present disclosure.

The electronic system 1000 includes an electronic device 100 , a relay device 200 , a terminal device 300 , and a server 400 .

According to an embodiment of the present disclosure, the electronic device 100 is a device capable of blocking a communication connection between the relay device 200 and the terminal device 300 and may be implemented as a Wireless Intrusion Prevention System (WIPS) device. However, the present invention is not limited thereto, and may be implemented in various forms as long as it is a device capable of blocking a communication connection of an unauthorized device. Here, WIPS is a system that detects and responds to security threats in a wireless LAN environment. Specifically, the WIPS is a system that periodically monitors the relay device 200 and the terminal device 300 to prevent an unauthorized access of the relay device 200 or the terminal device 300 or block a communication connection. WIPS may be called a wireless firewall, web, wireless network security solution, etc., but hereinafter, for convenience of description, it will be collectively referred to as WIPS.

The relay device 200 is a device that allows the terminal device 300 to access a network. The relay device 200 may be referred to as an access point (AP), and may be connected to a router to relay data between the terminal device 300 and devices on a network.

The terminal device 300 is a device capable of accessing a network through a communication connection with the relay device 200 and is a device that provides an Internet service to a user. The terminal device 300 may be implemented as a smart phone, a tablet PC, a mobile phone, a desktop PC, a laptop PC, a netbook computer, a PDA, a portable multimedia player (PMP), an MP3 player, a camera, a wearable device, and the like.

The server 400 is configured to transmit and receive data to and from the electronic device 100 . For example, the server 400 may transmit information of an unauthorized relay device or an unauthorized terminal device to the electronic device 100 , or may receive information obtained from the electronic device 100 . The server 400 may be implemented as a WIPS-based server.

On the other hand, when wireless communication between the relay device 200 and the terminal device 300 is connected and at least one of the relay device 200 or the terminal device 300 is an unauthorized device, the relay device ( 200) and the terminal device 300 need to block a wireless communication connection. Hereinafter, various embodiments of the present disclosure will be described in detail with reference to the drawings.

2 is a block diagram illustrating an operation of an electronic device according to an embodiment of the present disclosure.

According to FIG. 2 , the electronic device 100 includes a sensor 110 , a communication unit 120 , and a processor 130 .

The sensor 110 is a component capable of monitoring a radio frame. The sensor 110 includes a MAC address of the relay device 200 and the terminal device 300 based on the monitored radio frame, security settings, frame appearance frequency, transmission rate, data size, SSID, communication channel, Information such as RSSI may be obtained. Here, the radio frame means a unit of a radio signal.

In particular, the sensor 110 may monitor the 2.4Ghz and 5Ghz bands used in a wireless network to which the IEEE 802.11 standard is applied. Accordingly, the sensor 110 may sense whether communication is connected between the relay device 200 and the terminal device 300 . Information obtained from the sensor 110 may be transmitted to the server 400 under the control of the processor 130 .

Meanwhile, the sensor 110 may be implemented as a WIPS sensor, but is not limited thereto and may be implemented in various forms as long as it is a sensor capable of monitoring a radio frame.

The communication unit 120 is configured to transmit a signal to the relay device 200 and the terminal device 300 . For example, the communication unit 120 may transmit a signal to the outside according to a wireless communication method, BT (BlueTooth), WI-FI (Wireless Fidelity), Zigbee, IR (Infrared), Serial Interface, USB (Universal Serial Bus) , NFC (Near Field Communication), V2X (Vehicle to Everything), a communication method such as mobile communication (Cellular) can be used.

Also, the communication unit 120 may unicast a signal to a specific device or broadcast a signal to all devices under the control of the processor 130 .

In particular, the communication unit 120 may transmit a beacon signal to the outside based on the Bluetooth communication method. However, the present invention is not limited thereto, and a beacon signal may be externally radiated according to various communication methods.

The processor 130 controls the overall operation of the electronic device 100 .

According to an embodiment of the present disclosure, the processor 130 may be implemented as a digital signal processor (DSP), a microprocessor, or a time controller (TCON) for processing a digital signal. Without limitation, a central processing unit (CPU), a micro controller unit (MCU), a micro processing unit (MPU), a controller, an application processor (AP), or a communication processor ( communication processor (CP)), may include one or more of an ARM processor, or may be defined by a corresponding term In addition, the processor 130 may include a system on chip (SoC), large scale integration (LSI) in which a processing algorithm is embedded. ) or implemented in the form of a field programmable gate array (FPGA), the processor 130 performs various functions by executing computer executable instructions stored in a storage unit (not shown). can do.

According to an embodiment of the present disclosure, when the wireless communication between the relay device 200 and the terminal device 300 is sensed by the sensor 110 , the processor 130 performs the relay device 200 and the terminal device 300 respectively. Whether this is an authorized device can be identified.

Specifically, the processor 130 may identify whether each of the relay device 200 and the terminal device 300 is an authorized device based on information obtained from the sensor 110 . For example, the processor 130 may determine the MAC address of each of the relay device 200 and the terminal device 300 obtained from the sensor 110 , security settings, frame appearance frequency, transmission rate, data size, Whether each of the relay device 200 and the terminal device 300 is an authorized device may be identified based on information such as an SSID, a communication channel, and RSSI. For example, the processor 130 compares the identification information of the device stored in the storage unit (not shown) with the identification information of the relay device 200 and the terminal device 300 obtained from the sensor 110 to obtain an unauthorized device. It can be identified whether or not For example, MAC addresses of access points used in the company and MAC address information of mobile terminals of employees may be stored in the storage unit. The processor 130 compares the MAC address information of the access point or the MAC address information of the terminal device obtained from the sensor 110 with the MAC address information stored in the storage unit and identifies the device as an unauthorized device if they do not match. can do.

Alternatively, the processor 130 may identify whether the relay device 200 and the terminal device 300 are unauthorized devices through the Market Packet Test method, the Open AP Test method, the MAC Adjacency Test method, or the like. Here, in the Market Packet Test method, when the processor 130 transmits a signal having a unique identifier to a test target device through a wired network, and the test target device broadcasts the signal over the air, the electronic device Reference numeral 100 compares the MAC address of a signal having a unique identifier with the MAC address of an authorized device to identify whether the corresponding device is an unauthorized device. In the Open AP Test method, the processor 130 allows a device to be tested and the electronic device 100 to be wirelessly connected, and the processor 130 steals identification information of the device to be tested and sends it to a server connected to the device. It is a technology that transmits a signal through a wired network and identifies whether the device is an unauthorized device depending on whether the signal is transmitted to the server. The MAC Adjacency Test method is a technique for identifying whether a device is an unauthorized device by comparing the wired MAC address and the wireless MAC address of the device to be tested. Since the above-described technology is a known technology, a detailed description thereof will be omitted.

According to another embodiment, the processor 130 obtains from the sensor 110 a MAC address of each of the relay device 200 and the terminal device 300 , security settings, frame appearance frequency, transmission rate, and data. Information such as size, SSID, communication channel, RSSI, etc. may be transmitted to the external server 400, and the external server 400 may identify whether each of the relay device 200 and the terminal device 300 is an authorized device. . In this case, the processor 130 may receive information on whether each of the relay device 200 and the terminal device 300 is authorized from the external server 400 and identify it.

Of course, the processor 130 may identify whether the relay device 200 and the terminal device 300 are unauthorized devices using various methods other than the above-described method.

When at least one of the relay device 200 and the terminal device 300 is identified as an unauthorized device, the processor 130 transmits a signal including communication channel movement information to the terminal device 300 to the communication unit 120 . can control Specifically, the processor 130 may generate and transmit a beacon signal including communication channel movement information. Here, the beacon signal is a signal having a specific frequency and transmitted at a predetermined period. Meanwhile, the processor 130 may transmit a beacon signal in units of beacon frames.

The processor 130 may generate a beacon signal by including identification information of the relay device 200 as source information. Here, the identification information may include information indicating the ID of the corresponding device, such as a Mac address. The source information is information indicating the source of the corresponding signal. That is, the source information may indicate sender information of the corresponding signal. The processor 130 includes identification information of the relay device 200 in the sender information of the beacon signal transmitted by the processor 130, so that the relay device 200 may forge the beacon signal as if it were transmitted. Accordingly, the terminal device 300 may identify the beacon signal as a signal transmitted from the relay device 200 and perform an operation corresponding to the information included in the beacon signal.

Meanwhile, the processor 130 may block a communication connection performed between the relay device 200 and the terminal device 300 by transmitting a beacon signal including communication channel movement information. Here, the communication channel movement information may include channel information including control information for controlling channel movement and target channel information. Here, the control information may include information indicating movement of the communication channel, and the target channel information may include target channel information for movement of the communication channel. That is, the control information may include information on whether to move the communication channel, and the target channel information may include information on the communication channel to move. The communication channel movement information may be implemented as a Channel Switch Announcement (CSA) field.

When the first identification information of the first communication channel on which the wireless communication is performed between the relay device 200 and the terminal device 300 is obtained by the sensor 110 , the processor 130 performs a second communication different from the first communication channel. The beacon signal may be generated by including the second identification information of the channel in the target channel information. Here, the identification information of the communication channel may include band information of the communication channel and channel number information of the communication channel.

For example, it is assumed that the relay device 200 and the terminal device 300 are in communication connection on channel 1 . The processor 130 may acquire identification information (channel 1) of a communication channel connected between the relay device 200 and the terminal device 300 by the sensor 110 . Thereafter, the processor 130 may generate a beacon signal by including identification information of the second channel, which is different from the first channel, in the target channel information. In addition, since the source information of the beacon signal includes identification information of the relay device 200 , the terminal device 300 misidentifies that the beacon signal is transmitted from the relay device 200 , and communication included in the received beacon signal. Based on the channel movement information, the communication connection in the channel 1 that is currently communicating may be disconnected, and after moving to the channel 2, communication connection with the relay device 200 may be attempted. The relay device 200 attempts a communication connection with the terminal device 300 on channel 1 to reconnect the communication connection that has been broken with the terminal device 300 , but the terminal device 300 is moved to the second channel. A communication connection between the relay device 200 and the terminal device 300 may be blocked.

That is, as the terminal device 300 accesses the second communication channel based on the second identification information, communication performed between the relay device 200 and the terminal device 300 through the first communication channel may be blocked. have.

According to an embodiment, the second communication channel may be a channel belonging to a band different from a band to which the first communication channel belongs. That is, the processor 130 includes, in the target channel information, identification information of the second channel belonging to a band different from the band of the first communication channel through which the wireless communication between the relay device 200 and the terminal device 300 is performed, in the target channel information to signal the beacon signal. can create

For example, when the first communication channel through which the communication between the relay device 200 and the terminal device 300 is performed is the first channel of 2.4Ghz, the processor 130 may select a communication channel belonging to a band different from that of 2.4Ghz, one For example, a beacon signal may be generated by including channel 36 information of 5Ghz in target channel information. Thereafter, the terminal device 300 may identify the received beacon signal as a signal transmitted from the relay device 200 . The terminal device 300 terminates the communication connection on channel 1 of 2.4Ghz, which is the currently communicating channel, based on the beacon signal, and moves to channel 36 of 5Ghz to communicate with the relay device 200 . .

As such, when the inter-band communication channel is moved based on the beacon signal transmitted from the electronic device 100 , reconnection between the relay device 200 and the terminal device 300 whose communication connection is blocked may be relatively more difficult. have.

Meanwhile, the processor 130 may generate a beacon signal by including the identification information of the relay device 200 as source information and the identification information of the terminal device 300 as destination information of the beacon signal. Here, the destination information may be information on the recipient to which the beacon signal arrives.

For example, when a specific terminal device is identified as an unauthorized device, the processor 130 may include the MAC address of the unauthorized terminal device as destination information to transmit a beacon signal to the corresponding terminal device. That is, the processor 130 unicasts the beacon signal generated by including the identification information of the unauthorized terminal device as destination information to the corresponding terminal device, so that the corresponding terminal device may block communication connection with the relay device 200 . have.

Alternatively, the processor 130 may not include the identification information of the specific terminal device in the destination information. For example, when the processor 130 allocates FF:FF:FF:FF:FF:FF as destination information of the beacon signal, the beacon signal may be transmitted to all terminal devices. That is, the processor 130 broadcasts a beacon signal so that all devices connected to the relay device 200 may block communication connections with the relay device 200 .

For example, when the relay device 200 is an unauthorized device, an embodiment in which such a beacon signal is broadcast to block communication connections of all terminal devices 300 connected to the unauthorized relay device 200 will be used. can Alternatively, when all terminal devices 300 connected to the authorized relay device 200 are unauthorized devices, in order to block communication connections of all of the unauthorized terminal devices 300 connected to the authorized relay device 200 An embodiment in which a beacon signal is broadcast may be used.

Meanwhile, the wireless communication of the present disclosure may be communication performed according to the IEEE 802.11 standard. In particular, wireless communication between the relay device 200 and the terminal device 300 may be communication performed according to the IEEE 802.11w standard. Here, IEEE 802.11w is a standard that improves the security of the management frame, and is a standard modified from IEEE 802.11. However, the present disclosure is not limited thereto, and it goes without saying that embodiments of the present disclosure may be applied to wireless communication to which various standards are applied.

Meanwhile, the load of the electronic device 100 may be reduced by using the beacon signal as a transmission signal of the electronic device 100 . Conventionally, the electronic device 100 transmits a separate signal from each terminal device 300 to block a communication connection with the relay device 200. However, according to an embodiment of the present disclosure, when broadcasting a beacon signal, each Since there is no need to transmit/receive a separate signal with the terminal device 300 , the load of the electronic device 100 may be reduced.

Meanwhile, the electronic device 100 of the present disclosure may be implemented as a Wireless Intrusion Prevention System (WIPS) device. However, the present invention is not limited thereto, and may be implemented in various forms as long as it is a device capable of blocking a communication connection of an unauthorized device.

Meanwhile, although the electronic device 100 has been described above as blocking communication between the relay device 200 and the terminal device 300 connected to wireless communication, in some cases, the communication connection between the relay device 200 and the terminal device 300 is pre-established. can also be blocked.

3 is a block diagram illustrating a detailed configuration of the electronic device 100 .

Referring to FIG. 3 , the electronic device 100 includes a sensor 110 , a communication unit 120 , a processor 130 , and a storage unit 140 . A detailed description of the portion overlapping with the configuration shown in FIG. 2 among the configuration shown in FIG. 3 will be omitted.

The processor 130 generally controls the operation of the electronic device 100 using various programs stored in the storage 140 .

Specifically, the processor 130 includes a RAM 131 , a ROM 132 , a main CPU 133 , first to n interfaces 134 - 1 to 134 -n , and a bus 135 .

The RAM 131 , the ROM 132 , the main CPU 133 , and the first to n interfaces 134 - 1 to 134 - n may be connected to each other through the bus 135 .

The ROM 132 stores an instruction set for system booting, and the like. When a turn-on command is input and power is supplied, the main CPU 133 copies the O/S stored in the storage unit 140 to the RAM 131 according to the command stored in the ROM 132, and executes the O/S. Boot the system. When booting is completed, the main CPU 133 copies various application programs stored in the storage unit 140 to the RAM 131 , and executes the application programs copied to the RAM 131 to perform various operations.

The main CPU 133 accesses the storage unit 140 and performs booting using the O/S stored in the storage unit 140 . Then, various operations are performed using various programs and content data stored in the storage unit 140 .

The first to n-th interfaces 134-1 to 134-n are connected to the various components described above. One of the interfaces may be a network interface connected to an external device through a network.

The storage unit 140 includes a MAC address of each of the relay device 200 and the terminal device 300 acquired by the sensor 110 , communication channel information, security settings, frame appearance frequency, transmission rate, and data. Information such as size, SSID, communication channel, and RSSI can be stored.

Also, the storage unit 140 may store identification information of the relay device 200 and the terminal device 300 that are identified as being authorized. For example, the storage unit 140 may store MAC address information of an access point used in the company and MAC address information of a portable terminal.

The storage unit 140 is implemented as an internal memory such as a ROM (eg, electrically erasable programmable read-only memory (EEPROM)) included in the processor 130, a RAM, or the like, or the processor 130 . and may be implemented as a separate memory. In this case, the storage unit 140 may be implemented in the form of a memory embedded in the electronic device 100 or may be implemented in the form of a memory detachable to the electronic device 100 depending on the purpose of data storage. For example, data for driving the electronic device 100 is stored in a memory embedded in the electronic device 100 , and data for an extended function of the electronic device 100 is detachable from the electronic device 100 . It can be stored in any available memory. Meanwhile, in the case of a memory embedded in the electronic device 100 , a volatile memory (eg, dynamic RAM (DRAM), static RAM (SRAM), or synchronous dynamic RAM (SDRAM), etc.), non-volatile memory (non-volatile memory) ( Examples: one time programmable ROM (OTPROM), programmable ROM (PROM), erasable and programmable ROM (EPROM), electrically erasable and programmable ROM (EEPROM), mask ROM, flash ROM, flash memory (such as NAND flash or NOR flash, etc.) ), a hard drive, or a solid state drive (SSD), and in the case of a memory that is removable to the electronic device 100, a memory card (eg, compact flash (CF), SD ( secure digital), Micro-SD (micro secure digital), Mini-SD (mini secure digital), xD (extreme digital), MMC (multi-media card), etc.), external memory that can be connected to the USB port (e.g., USB memory) and the like.

4 is a diagram for describing a configuration of a broadcast beacon frame according to an embodiment of the present disclosure.

4 is an example of a beacon frame when the electronic device 100 broadcasts a beacon signal without predetermined destination information.

The electronic device 100 may broadcast a beacon frame as shown in FIG. 4 to block communication connections of all terminal devices 300 connected to the relay device 200 . For example, when the relay device 200 is an unauthorized device, an embodiment in which a beacon frame is broadcast to block communication connections of all terminal devices 300 connected to the unauthorized relay device 200 will be used. can Alternatively, when all terminal devices 300 connected to the authorized relay device 200 are unauthorized devices, in order to block communication connections of all of the unauthorized terminal devices 300 connected to the authorized relay device 200 An embodiment in which a beacon frame is broadcast may be used.

Here, the destination MAC is a configuration that means destination information of the beacon signal. In general, the destination MAC may include the MAC address of the terminal device 300 to which the beacon signal is to be transmitted. However, since it is assumed that a beacon frame is broadcast in FIG. 4 , the MAC address of a specific terminal device is not included, but a Broadcast MAC indicating broadcast may be included. For example, FF:FF:FF:FF:FF:FF indicating broadcast may be allocated to the destination MAC.

Source MAC is a configuration that means source information, that is, sender information. In general, the source MAC may include the MAC address of the relay device 200 that transmits the beacon signal. The terminal device 300 may identify the sender of the corresponding frame based on the Source MAC included in the beacon frame.

According to an embodiment of the present disclosure, the electronic device 100 may transmit the beacon frame by including the MAC address of the relay device 200 communicating with the terminal device 300 in the source MAC. That is, the electronic device 100 may forge the beacon frame transmitted by the relay device 300 . In this case, the terminal device 300 receiving the beacon frame may mistakenly believe that the beacon frame is transmitted from the relay device 200 communicating with the terminal device 300 .

Length is information indicating the length of the frame. As shown in FIG. 4 , when the Length is 03, it may indicate that 3 bytes of information are included.

Channel Switch Mode is information indicating whether a communication channel is moved. Channel Switch Mode may contain 0 or 1. When Channel Switch Mode is indicated as 0, the communication channel is not moved, and when it is indicated as 1, the communication channel can be moved. That is, the Channel Switch Mode may be information corresponding to the control information instructing movement of the above-described communication channel.

The New Channel Number may indicate identification information of a communication channel to which the terminal device is to be moved. For example, if the New Channel Number is 1, it indicates that the channel to be moved is the 1st channel. In general, channels 1 to 13 may be included in the 2.4Ghz band, and channels 36 to 165 may be included in the 5Ghz band. That is, the New Channel Number may include band information.

The electronic device 100 acquires a communication connection channel between the relay device 200 and the terminal device 300 , and allocates a different channel to a new channel number to establish a communication connection between the relay device 200 and the terminal device 300 . can be blocked Since this has been described above, a detailed description thereof will be omitted.

The Channel Switch Count is information indicating whether to move to the communication channel included in the New Channel Number when a frame including communication channel movement information is transmitted. For example, when the Channel Switch Count is 4, the terminal device 300 may move to the communication channel included in the New Channel Number when the beacon frame including the communication channel movement information is received 4 times.

5 is a diagram for describing a configuration of a unicast beacon frame according to an embodiment of the present disclosure.

5 is an example of a beacon frame including preset destination information.

The electronic device 100 may unicast a beacon frame as shown in FIG. 5 to block a communication connection of a specific terminal device 300 connected to the relay device 200 . For example, when a specific terminal device 300 is not authorized, an embodiment in which a beacon frame is unicast to block a communication connection between the corresponding terminal device 300 and the relay device 200 may be used.

Specifically, the electronic device 100 may unicast by including the MAC address of the specific terminal device 300 in the destination MAC. In this case, only the terminal device 300 corresponding to the corresponding MAC address may receive the unicast beacon frame, and may block the communication connection with the communicating relay device 200 based on the received beacon frame. If there is another terminal device 300 other than that, it is possible to check the destination MAC information included in the beacon frame and ignore it. Accordingly, the authorized terminal device 300 may maintain a communication connection with the relay device 200 .

Source MAC, Length, Channel Switch Mode, New Channel Number, and Channel Switch Count shown in FIG. 5 overlap those shown in FIG. 4, and thus detailed descriptions thereof will be omitted.

6 is a flowchart illustrating a method of controlling an electronic device according to an embodiment of the present disclosure.

When wireless communication between the relay device 200 and the terminal device 300 is sensed, the electronic device 100 may identify whether each of the relay device and the terminal device is an authorized device ( S610 ).

For example, the electronic device 100 may include a MAC address of each of the relay device 200 and the terminal device 300 , security settings, frame appearance frequency, transmission rate, data size, SSID, communication channel, RSSI, and so on. etc. may be acquired, and whether each of the relay device 200 and the terminal device 300 is an authorized device may be identified based on the acquired information. For example, the electronic device 100 may identify whether the device is an unauthorized device by comparing identification information of the device stored as an authorized device with identification information of the relay device 200 and the terminal device 300 . For example, MAC addresses of access points used in the company and MAC address information of mobile terminals of employees may be stored in the electronic device 100 . The electronic device 100 compares the obtained MAC address of the access point or MAC address information of the terminal device with the stored MAC address information and, if they do not match, may identify the corresponding device as an unauthorized device.

Alternatively, the electronic device 100 may identify whether the relay device 200 and the terminal device 300 are unauthorized devices through the Market Packet Test method, the Open AP Test method, the MAC Adjacency Test method, or the like.

According to another embodiment, the electronic device 100 may receive information on whether each of the relay device 200 and the terminal device 300 is authorized from the server 400 and identify it.

When at least one of the relay device 200 and the terminal device 300 is identified as an unauthorized device, the electronic device 100 may transmit a beacon signal including communication channel movement information to the terminal device 300 ( S620).

Specifically, the electronic device 100 may generate a beacon signal by including the identification information of the relay device 200 as source information. When the electronic device 100 intends to transmit a beacon signal to a specific terminal device 300, the beacon signal may be generated by including the identification information of the corresponding terminal device 300 as destination information, and the generated beacon signal may be unicast. have. Alternatively, when the electronic device 100 intends to transmit a beacon signal to all terminal devices 300 , the beacon signal is generated by including FF:FF:FF:FF:FF:FF as destination information, and the generated beacon signal is broadcasted. can be cast

Here, the communication channel movement information may include channel information including control information for controlling channel movement and target channel information. Here, the control information may include information indicating movement of the communication channel, and the target channel information may include target channel information for movement of the communication channel. That is, the control information may include information on whether to move the communication channel, and the target channel information may include information on the communication channel to move. The communication channel movement information may be implemented as a Channel Switch Announcement (CSA) field.

When the electronic device 100 obtains first identification information of a first communication channel through which wireless communication is performed between the relay device 200 and the terminal device 300 , a second identification of a second communication channel different from the first communication channel The beacon signal may be generated by including the information in the target channel information. Here, the second communication channel may be a channel belonging to a band different from a band to which the first communication channel belongs. For example, when the first communication channel is a 2.4Ghz band, the second communication channel may be a 5Ghz band.

As the terminal device 300 accesses the second communication channel based on the second identification information, communication performed between the relay device 200 and the terminal device 300 through the first communication channel may be blocked.

Meanwhile, the wireless communication of the present disclosure may be communication performed according to the IEEE 802.11 standard. In particular, wireless communication between the relay device 200 and the terminal device 300 may be communication performed according to the IEEE 802.11w standard. Here, IEEE 802.11w is a standard that improves the security of the management frame, and is a standard modified from IEEE 802.11. However, the present disclosure is not limited thereto, and it goes without saying that embodiments of the present disclosure may be applied to wireless communication to which various standards are applied.

Meanwhile, the electronic device 100 may be implemented as a wireless intrusion prevention system (WIPS) device, but is not limited thereto.

Since the detailed operation of each step has been described above, a detailed description thereof will be omitted.

Meanwhile, at least some of the above-described methods according to various embodiments of the present disclosure may be installed in an existing electronic device and may be implemented in the form of an application that is software directly used by a user on an OS.

In addition, at least some components of the methods according to various embodiments of the present disclosure described above may be implemented only by software upgrade or hardware upgrade of an existing electronic device.

In addition, various embodiments of the present disclosure described above may be performed through an embedded server provided in an electronic device, or an external server of at least one of an electronic device and a display device.

Meanwhile, according to a temporary example of the present disclosure, the various embodiments described above may be implemented as software including instructions stored in a machine-readable storage media readable by a machine (eg, a computer). The device is a device capable of calling a stored instruction from a storage medium and operating according to the called instruction, and may include an electronic device according to the disclosed embodiments. When the instruction is executed by a processor, the processor directly, Alternatively, a function corresponding to the instruction may be performed using other components under the control of the processor. The instruction may include code generated or executed by a compiler or an interpreter. It may be provided in the form of a non-transitory storage medium, where 'non-transitory' means that the storage medium does not include a signal and is tangible, but data is stored in the storage medium semi-permanently or It does not distinguish between temporary storage.

In addition, according to an embodiment of the present disclosure, the method according to the various embodiments described above may be provided by being included in a computer program product. Computer program products may be traded between sellers and buyers as commodities. The computer program product may be distributed in the form of a machine-readable storage medium (eg, compact disc read only memory (CD-ROM)) or online through an application store (eg, Play Store™). In the case of online distribution, at least a portion of the computer program product may be temporarily stored or temporarily generated in a storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

In addition, according to an embodiment of the present disclosure, the various embodiments described above are stored in a recording medium readable by a computer or a similar device using software, hardware, or a combination thereof. can be implemented in In some cases, the embodiments described herein may be implemented by the processor itself. According to the software implementation, embodiments such as the procedures and functions described in this specification may be implemented as separate software modules. Each of the software modules may perform one or more functions and operations described herein.

Meanwhile, computer instructions for performing the processing operation of the device according to the above-described various embodiments may be stored in a non-transitory computer-readable medium. When the computer instructions stored in the non-transitory computer-readable medium are executed by the processor of the specific device, the specific device performs the processing operation in the device according to the various embodiments described above. Here, the operation includes: when wireless communication between the relay device 200 and the terminal device 300 is sensed, identifying whether each of the relay device 200 and the terminal device 300 is an authorized device; and the relay device 200 ) or when at least one of the terminal device 300 is identified as an unauthorized device, transmitting a beacon signal including communication channel movement information to the terminal device 300 .

The non-transitory computer-readable medium refers to a medium that stores data semi-permanently, rather than a medium that stores data for a short moment, such as a register, cache, memory, etc., and can be read by a device. Specific examples of the non-transitory computer-readable medium may include a CD, DVD, hard disk, Blu-ray disk, USB, memory card, ROM, and the like.

According to an embodiment, the method according to various embodiments of the present disclosure may be provided by being included in a computer program product. Computer program products may be traded between sellers and buyers as commodities. The computer program product may be distributed in the form of a device-readable storage medium (eg compact disc read only memory (CD-ROM)) or online through an application store (eg Play Store ^TM , App Store ^TM ). have. In the case of online distribution, at least a portion of the computer program product may be temporarily stored or temporarily generated in a storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

In addition, each of the components (eg, a module or a program) according to the above-described various embodiments may be composed of a single or a plurality of entities, and some sub-components of the aforementioned sub-components may be omitted, or other sub-components may be omitted. Components may be further included in various embodiments. Alternatively or additionally, some components (eg, a module or a program) may be integrated into a single entity to perform the same or similar functions performed by each corresponding component prior to integration. According to various embodiments, operations performed by a module, program, or other component may be sequentially, parallelly, repetitively or heuristically executed, or at least some operations may be executed in a different order, omitted, or other operations may be added. can

In the above, preferred embodiments of the present disclosure have been illustrated and described, but the present disclosure is not limited to the specific embodiments described above, and is commonly used in the technical field pertaining to the present disclosure without departing from the gist of the present disclosure as claimed in the claims. Various modifications may be made by those having the knowledge of

100: electronic device 110: sensor
120: communication unit 130: processor
140: storage unit 200: relay device
300: terminal device 400: server
1000: electronic system

Claims (19)

sensor;
communication department; and
When wireless communication between the relay device and the at least one terminal device is sensed by the sensor, it is identified whether each of the relay device and the at least one terminal device is an authorized device,
generating a beacon signal by including identification information of the relay device as source information;
a processor for controlling the communication unit to transmit the beacon signal including communication channel movement information to the at least one terminal device when at least one of the relay device or the at least one terminal device is identified as an unauthorized device; includes,
The processor is
When the at least one terminal device is identified as the unauthorized device, the beacon signal is generated by including the identification information of the at least one terminal device as destination information,
When the relay device is identified as the unauthorized device, the beacon signal is broadcast,
Identification information of the relay device and the at least one terminal device,
Each of the relay device and the at least one terminal device includes at least one of MAC address information, frame appearance frequency information, transmission rate information, data size information, communication channel information, and Received Signal Strength Indicator (RSSI) information. which is an electronic device.
delete delete According to claim 1,
The communication channel movement information,
It includes channel information including control information for controlling channel movement and target channel information,
The control information includes information indicating movement of the communication channel,
The target channel information includes target channel information for moving the communication channel, the electronic device.
5. The method of claim 4,
The processor is
When first identification information of a first communication channel on which wireless communication is performed between the relay device and the terminal device is obtained by the sensor, second identification information of a second communication channel different from the first communication channel is set to the target channel An electronic device that includes information to generate the beacon signal.
6. The method of claim 5,
The second communication channel is a channel belonging to a band different from a band to which the first communication channel belongs.
6. The method of claim 5,
As the terminal device accesses the second communication channel based on the second identification information, communication performed between the relay device and the terminal device through the first communication channel is blocked.
The method of claim 1,
Wireless communication between the relay device and the terminal device,
An electronic device that is performed according to the IEEE 802.11w standard.
According to claim 1,
The electronic device is
An electronic device implemented as a Wireless Intrusion Prevention System (WIPS) device.
when wireless communication between a relay device and at least one terminal device is sensed by a sensor, identifying whether each of the relay device and the at least one terminal device is an authorized device;
generating a beacon signal by including identification information of the relay device as source information; and
When at least one of the relay device or the at least one terminal device is identified as an unauthorized device, transmitting the beacon signal including communication channel movement information to the at least one terminal device; In the control method of
The control method is
When the at least one terminal device is identified as the unauthorized device, the beacon signal is generated by including the identification information of the at least one terminal device as destination information, and the relay device is determined to be the unauthorized device If identified, broadcast the beacon signal,
Identification information of the relay device and the at least one terminal device,
Each of the relay device and the at least one terminal device includes at least one of MAC address information, frame appearance frequency information, transmission rate information, data size information, communication channel information, and Received Signal Strength Indicator (RSSI) information. A method of controlling an electronic device.
delete delete 11. The method of claim 10,
The communication channel movement information,
It includes channel information including control information for controlling channel movement and target channel information,
The control information includes information indicating movement of the communication channel,
The target channel information includes target channel information for moving the communication channel.
◈Claim 14 was abandoned at the time of payment of the registration fee.◈ 14. The method of claim 13,
When first identification information of a first communication channel on which wireless communication is performed between the relay device and the terminal device is obtained by the sensor, second identification information of a second communication channel different from the first communication channel is set to the target channel The method further comprising; generating the beacon signal by including it in the information.
◈Claim 15 was abandoned when paying the registration fee.◈ 15. The method of claim 14,
The second communication channel is a channel belonging to a band different from a band to which the first communication channel belongs.
◈Claim 16 was abandoned when paying the registration fee.◈ 15. The method of claim 14,
As the terminal device accesses the second communication channel based on the second identification information, communication performed between the relay device and the terminal device through the first communication channel is blocked.
◈Claim 17 was abandoned when paying the registration fee.◈ 11. The method of claim 10,
Wireless communication between the relay device and the terminal device,
A control method, performed according to the IEEE 802.11w standard.
◈Claim 18 was abandoned when paying the registration fee.◈ 11. The method of claim 10,
The electronic device is
A control method, implemented as a WIPS (Wireless Intrusion Prevention System) device.
A non-transitory computer-readable medium storing computer instructions that, when executed by a processor of an electronic device, cause the electronic device to perform an operation, the operation comprising:
when wireless communication between a relay device and at least one terminal device is sensed by a sensor, identifying whether each of the relay device and the at least one terminal device is an authorized device;
generating a beacon signal by including identification information of the relay device as source information; and
When at least one of the relay device or the at least one terminal device is identified as an unauthorized device, transmitting the beacon signal including communication channel movement information to the at least one terminal device;
The action is
When the at least one terminal device is identified as the unauthorized device, the beacon signal is generated by including the identification information of the at least one terminal device as destination information, and the relay device is determined to be the unauthorized device If identified, broadcast the beacon signal,
Identification information of the relay device and the at least one terminal device,
Each of the relay device and the at least one terminal device includes at least one of MAC address information, frame appearance frequency information, transmission rate information, data size information, communication channel information, and Received Signal Strength Indicator (RSSI) information. a non-transitory computer-readable medium.

Images